Elektroda.pl

Windows XP - request for help removing SafeFinder

Jarecki21 10 Feb 2016 18:38 597 2
  • Helpful post
    #2 10 Feb 2016 19:06
    Kolobos
    Computer specialist

    Install http://ninite.com/java/

    Uninstall SafeFinder

    Fixlist.txt for FRST:
    Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\WACICI~1\DANEAP~1\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1432843825.job => C:\Program Files\Opera\launcher.exe
    Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\WłaścicielPapawPhotographicV2.job => C:\WINDOWS\system32\rundll32.exe FlockierCreepiness.dll
    AlternateDataStreams: C:\WINDOWS:nlsPreferences
    HKU\S-1-5-21-1417001333-1580436667-1801674531-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [adawarebp] => reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
    HKU\S-1-5-18\...\RunOnce: [adawarebp_XP] => reg.exe delete "HKCU\Software\adawarebp" /f
    AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DANEAP~1\Lightzap\WarmOzestock.dll => C:\Documents and Settings\All Users\Dane aplikacji\Lightzap\WarmOzestock.dll [257536 2016-02-08] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...f17HPxS3twZGVrPeWb0vH7QM7alppxIiOvTeIqK3wkQ,,,,
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...39tqWFho1ZFB_g-v3ODBMUdigoF37w4JrJUw,,&q={searchTerms}
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...39tqWFho1ZFB_g-v3ODBMUdigoF37w4JrJUw,,&q={searchTerms}
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...39tqWFho1ZFB_g-v3ODBMUdigoF37w4JrJUw,,&q={searchTerms}
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...f17HPxS3twZGVrPeWb0vH7QM7alppxIiOvTeIqK3wkQ,,,,
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...39tqWFho1ZFB_g-v3ODBMUdigoF37w4JrJUw,,&q={searchTerms}
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...39tqWFho1ZFB_g-v3ODBMUdigoF37w4JrJUw,,&q={searchTerms}
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...39tqWFho1ZFB_g-v3ODBMUdigoF37w4JrJUw,,&q={searchTerms}
    HKU\S-1-5-21-1417001333-1580436667-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...39tqWFho1ZFB_g-v3ODBMUdigoF37w4JrJUw,,&q={searchTerms}
    HKU\S-1-5-21-1417001333-1580436667-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...f17HPxS3twZGVrPeWb0vH7QM7alppxIiOvTeIqK3wkQ,,,,
    HKU\S-1-5-21-1417001333-1580436667-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...39tqWFho1ZFB_g-v3ODBMUdigoF37w4JrJUw,,&q={searchTerms}
    HKU\S-1-5-21-1417001333-1580436667-1801674531-1003\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...39tqWFho1ZFB_g-v3ODBMUdigoF37w4JrJUw,,&q={searchTerms}
    BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => Brak pliku
    BHO: Brak nazwy -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> Brak pliku
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.omniboxes.com/?type=sc&ts=1447...7173&uid=ST9320325AS_6VE39LTJXXXX6VE39LTJ
    StartMenuInternet: (HKLM) Opera.exe - C:\Program Files\Opera\Opera.exe hxxp://www.omniboxes.com/?type=sc&ts=1447...7173&uid=ST9320325AS_6VE39LTJXXXX6VE39LTJ
    S2 Lightzap; C:\Documents and Settings\All Users\Dane aplikacji\\Lightzap\\Lightzap.exe [669184 2016-02-08] () [Brak podpisu cyfrowego]
    S4 ICM_UpdaterService; C:\Program Files\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [X]
    S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2016-02-09] ()
    S3 catchme; \??\C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\catchme.sys [X]
    S3 EPPVADMP_simple; system32\drivers\EMP_MPAU.sys [X]
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 Ser2pl; system32\DRIVERS\ser2pl.sys [X]
    S3 ss_bus; system32\DRIVERS\ss_bus.sys [X]
    S3 ss_mdfl; system32\DRIVERS\ss_mdfl.sys [X]
    S3 ss_mdm; system32\DRIVERS\ss_mdm.sys [X]
    2016-02-09 20:58 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
    2016-02-09 20:58 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
    2016-02-09 20:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2016-02-09 20:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2016-02-09 20:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2016-02-09 20:58 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2016-02-09 20:58 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
    2016-02-09 20:58 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
    2016-02-09 20:58 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
    2016-02-09 20:57 - 2016-02-10 05:07 - 00000000 ___SD C:\ComboFix
    2016-02-09 20:51 - 2016-02-09 20:57 - 00000000 ___SD C:\32788R22FWJFW
    2016-02-09 20:31 - 2016-02-09 20:31 - 00019984 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
    2016-02-08 19:20 - 2016-02-10 18:20 - 00000432 _____ C:\WINDOWS\Tasks\At1.job
    2016-02-08 19:19 - 2016-02-10 18:15 - 00000478 _____ C:\WINDOWS\Tasks\WłaścicielPapawPhotographicV2.job
    2016-02-08 19:19 - 2016-02-08 19:19 - 00000000 ____D C:\Program Files\Common Files\S-sing
    2016-02-08 19:19 - 2016-02-08 19:19 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Lightzaps
    2016-02-08 19:18 - 2016-02-10 13:24 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Lightzap
    2016-02-08 19:18 - 2016-02-09 07:47 - 00000000 ____D C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\PapawPhotographic
    2016-02-10 18:15 - 2015-05-28 21:10 - 00000456 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1432843825.job
    2016-02-10 18:15 - 2014-03-09 11:27 - 00000232 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
    2016-02-09 18:56 - 2014-02-27 18:22 - 00000000 ____D C:\AdwCleaner
    2016-01-31 21:18 - 2015-11-16 07:24 - 00000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    EmptyTemp:

    After it has run, delete the C:\FRST directory and that's all.

    0
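Added example, not part of the original post and not FRST's own code: a small Python triage that groups fixlist lines like the ones above by where they live on the system, picks out the Polish-locale markers, and decodes the percent-encoded host in the hijacked Internet Explorer settings. The category labels and function names are assumptions of this example; the sample lines are copied from the fixlist.

```python
import re
from urllib.parse import unquote

# Constructed sample: five lines copied from the fixlist above (URL elision as posted).
SAMPLE = r"""
Task: C:\WINDOWS\Tasks\WłaścicielPapawPhotographicV2.job => C:\WINDOWS\system32\rundll32.exe FlockierCreepiness.dll
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DANEAP~1\Lightzap\WarmOzestock.dll => C:\Documents and Settings\All Users\Dane aplikacji\Lightzap\WarmOzestock.dll [257536 2016-02-08] ()
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...f17HPxS3twZGVrPeWb0vH7QM7alppxIiOvTeIqK3wkQ,,,,
S2 Lightzap; C:\Documents and Settings\All Users\Dane aplikacji\\Lightzap\\Lightzap.exe [669184 2016-02-08] () [Brak podpisu cyfrowego]
2016-02-08 19:20 - 2016-02-10 18:20 - 00000432 _____ C:\WINDOWS\Tasks\At1.job
"""

# Line prefix -> location class (labels are this example's own, first match wins).
RULES = [
    ("scheduled-task", re.compile(r"^Task: ")),
    ("autorun-key", re.compile(r"^HK\w+\\.*\\Run(Once)?: ")),
    ("appinit-dll", re.compile(r"^AppInit_DLLs: ")),
    ("browser-helper", re.compile(r"^BHO: ")),
    ("ie-setting", re.compile(r"^HK\w+\\.*Internet Explorer\\Main,")),
    ("service-or-driver", re.compile(r"^[SR][0-4] [^;]+; ")),
    ("file-or-folder", re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")),
]

# Polish-locale markers that appear in the fixlist, with English glosses.
MARKERS = {
    "<==== UWAGA": "attention",
    "Brak podpisu cyfrowego": "no digital signature",
    "Brak pliku": "no file",
}

# Host part of a defanged URL, up to a path, the forum's "..." elision, or end of line.
HOST = re.compile(r"hxxps?://((?:%[0-9A-Fa-f]{2}|[\w.-])+?)(?:\.\.\.|/|$)")

def triage(line):
    """Classify one fixlist line and decode any percent-encoded host prefix."""
    line = line.strip()
    kind = next((name for name, rx in RULES if rx.search(line)), "other")
    flags = [gloss for marker, gloss in MARKERS.items() if marker in line]
    m = HOST.search(line)
    return {"kind": kind, "flags": flags,
            "host_prefix": unquote(m.group(1)) if m else None}

def report(text):
    """Triage every non-empty line of a fixlist."""
    return [triage(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

The decoded host is only a prefix, because the forum elided the rest of the URL with "...".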
  • #3 10 Feb 2016 19:52
    Jarecki21
    Level 8

    It helped. Thank you very much.

    0